8. Datacenter & Infrastructure
8.1 Primary Datacenter (Sulaymaniyah) — Tier III+

| Spec | Details |
|---|---|
| Location | Sulaymaniyah (Primary), Erbil (KRDPASS/Digital Signatures + Future Active-Active) |
| Tier | Uptime Institute Tier III (N+1 redundancy) |
| Power | 2N power feeds, diesel generators (72hr fuel) |
| Cooling | Hot/cold aisle containment, precision cooling |
| Connectivity | Dual ISP uplinks, dedicated fiber link Sulaymaniyah ↔ Erbil |
| Physical Security | Biometric access, CCTV, mantrap entry, 24/7 NOC |

8.2 Server Hardware

| Role | Hardware | Quantity |
|---|---|---|
| Compute Nodes | Dell PowerEdge R760 / HPE ProLiant DL380 Gen11 | 20+ |
| Storage | Dell PowerStore / NetApp AFF A-series (NVMe) | 2 arrays |
| Backup Storage | Synology RS4021xs+ (scale-out NAS) | 4 units |
| Network | Cisco Nexus 9300 / Arista 7050X | Core + ToR switches |
| Load Balancers | F5 BIG-IP (hardware) or HAProxy (software) | 2 HA pairs |
| GPU Nodes | NVIDIA A100 or H100 (for AI/ML workloads) | 2-4 |

8.3 Network Architecture

```mermaid
graph TD
    INET["🌐 Internet"] --> DDOS["DDoS Mitigation\n(On-Premise)"]
    DDOS --> ROUTERS["Border Routers\n(BGP, Dual ISP)"]
    ROUTERS --> ARBOR["Deep Packet Inspection\n(Arbor / Netscout)"]
    ARBOR --> FW["Firewall Cluster\n(pfSense HA)"]
    FW --> DMZ
    FW --> APPVLAN
    FW --> DATAVLAN
    subgraph DMZ["DMZ VLAN"]
        N["Nginx"] ~~~ K["Kong"] ~~~ W["WAF"]
    end
    subgraph APPVLAN["APP VLAN"]
        K8S["K8s Nodes"]
    end
    subgraph DATAVLAN["DATA VLAN"]
        PG["PostgreSQL"] ~~~ KFK["Kafka"] ~~~ RD["Redis"]
    end
    subgraph MGMT["MANAGEMENT VLAN"]
        WZ["Wazuh"] ~~~ VLT["Vault"] ~~~ ANS["Ansible"]
    end
    DMZ -.->|manages| MGMT
    APPVLAN -.->|manages| MGMT
    DATAVLAN -.->|manages| MGMT
```